From 71cb61a2f4d31bb28666da345c9bbfc8b2848b1a Mon Sep 17 00:00:00 2001 From: RequiemP Date: Tue, 24 Feb 2026 14:37:00 +0300 Subject: [PATCH] add custom tls config --- src/channel_pool.rs | 10 +++++++++- src/qdrant_client/config.rs | 36 ++++++++++++++++++++++++++++++++++++ src/qdrant_client/mod.rs | 2 ++ 3 files changed, 47 insertions(+), 1 deletion(-) diff --git a/src/channel_pool.rs b/src/channel_pool.rs index aa963488..7e5567d0 100644 --- a/src/channel_pool.rs +++ b/src/channel_pool.rs @@ -16,6 +16,7 @@ pub struct ChannelPool { connection_timeout: Duration, keep_alive_while_idle: bool, pool_size: usize, + tls_config: Option, } impl ChannelPool { @@ -25,6 +26,7 @@ impl ChannelPool { connection_timeout: Duration, keep_alive_while_idle: bool, mut pool_size: usize, + tls_config: Option, ) -> Self { // Ensure `pool_size` is always >= 1 pool_size = std::cmp::max(pool_size, 1); @@ -37,6 +39,7 @@ impl ChannelPool { connection_timeout, keep_alive_while_idle, pool_size, + tls_config, } } @@ -66,7 +69,10 @@ impl ChannelPool { .expect("Version info should be a valid header value"); let endpoint = if tls { - let tls_config = ClientTlsConfig::new().with_native_roots(); + let tls_config = self + .tls_config + .clone() + .unwrap_or(ClientTlsConfig::new().with_native_roots()); endpoint .tls_config(tls_config) .map_err(|e| Status::internal(format!("Failed to create TLS config: {e}")))? @@ -168,6 +174,7 @@ fn require_get_channel_fn_to_be_send() { Duration::from_millis(0), false, 2, + None, ) .get_channel() .await @@ -187,6 +194,7 @@ mod test { Duration::default(), false, 5, + None, ); assert_eq!(channel.next_channel_index(), 0); diff --git a/src/qdrant_client/config.rs b/src/qdrant_client/config.rs index 6843df32..12ec46b6 100644 --- a/src/qdrant_client/config.rs +++ b/src/qdrant_client/config.rs @@ -1,5 +1,7 @@ use std::time::Duration; +use tonic::transport::ClientTlsConfig; + use crate::{Qdrant, QdrantError}; /// Qdrant client configuration @@ -42,6 +44,9 @@ pub struct QdrantConfig { /// Amount of concurrent connections. /// If set to 0 or 1, connection pools will be disabled. pub pool_size: usize, + + /// Custom configuration for TLS encryption on gRPC channels. + pub tls_config: Option, } impl QdrantConfig { @@ -138,6 +143,29 @@ impl QdrantConfig { self } + /// Set the TLS configuration to use for this client + /// + /// ```rust,no_run + ///# fn main() -> Result<(), Box> { + /// use qdrant_client::Qdrant; + /// use tonic::transport::ClientTlsConfig; + /// use tonic::transport::Certificate; + /// + /// let ca_cert_pem = std::fs::read_to_string("path/to/ca.crt")?; + /// let tls_config = ClientTlsConfig::new() + /// .ca_certificate(Certificate::from_pem(ca_cert_pem)); + /// + /// let client = Qdrant::from_url("http://localhost:6334") + /// .tls_config(Some(tls_config)) + /// .build(); + ///# Ok(()) + ///# } + /// ``` + pub fn tls_config(mut self, tls_config: Option) -> Self { + self.tls_config = tls_config; + self + } + /// Set an API key /// /// Also see [`api_key()`](fn@Self::api_key). @@ -188,6 +216,13 @@ impl QdrantConfig { pub fn set_pool_size(&mut self, pool_size: usize) { self.pool_size = pool_size; } + + /// Set the TLS configuration + /// + /// Also see [`tls_config()`](fn@Self::tls_config). + pub fn set_tls_config(&mut self, tls_config: Option) { + self.tls_config = tls_config; + } } /// Default Qdrant client configuration. @@ -204,6 +239,7 @@ impl Default for QdrantConfig { compression: None, check_compatibility: true, pool_size: 3, + tls_config: None, } } } diff --git a/src/qdrant_client/mod.rs b/src/qdrant_client/mod.rs index 9b121d23..1e728edb 100644 --- a/src/qdrant_client/mod.rs +++ b/src/qdrant_client/mod.rs @@ -107,6 +107,7 @@ impl Qdrant { config.connect_timeout, config.keep_alive_while_idle, 1, // No need to create a pool for the compatibility check. + config.tls_config.clone(), ); let client = Self { channel: Arc::new(channel), @@ -152,6 +153,7 @@ impl Qdrant { config.connect_timeout, config.keep_alive_while_idle, config.pool_size, + config.tls_config.clone(), ); let client = Self {